Buy a firewall, get the router free

'We want more presence in the branch router market,' said Juniper Networks Inc. senior director of enterprise products Chris Spain during a recent visit to Washington. Hence the Sunnyvale, Calif.-based company's new Juniper Secure Services Gateway 500 family of security appliances, which debuts this week.

The quote is both oversimplification and out of context, but the new appliances could in fact be attractive to agencies with branches or regional offices that need connectivity to HQ and the Internet at large. (The original question, for the record, was something like, 'How can Juniper build the appliances the way it did and not make it cost more?' The answer had more parts, but the branch-office presence thing stuck out.) Put simply, the SSG 500 products take Juniper's popular NetScreen line of firewall/virtual private network/intrusion detection devices and add LAN/WAN routing'at about the same price as the appliances they replace. (But Juniper doesn't plan to discontinue the NS-208 or NS-50, for instance, because some people like separate boxes for security and routing.)

The SSG 550, which is the high-end device, goes for $10,000 (plus an extra $500 if you want 1GB of memory to run advanced content security functions). It has four fixed 10/100/1000 ports, plus six WLAN/LAN expansion slots that can handle everything from Fast Ethernet to small form-factor pluggable optics. The firewall operates at up to 1 Gbps, the VPN at 500 Mbps and the system can handle up to 1,000 VPN tunnels, according to Juniper specs. Spain said the SSG 500 delivers six times the performance of previous NetScreen devices, thanks partly to faster Intel processors.

One feature we'd like to test out, because it has the potential of alleviating some headaches, is the product's new management console. Spain said it's highly role-based out of necessity because you don't want security staffs messing with router tables, for example, or network guys tinkering with content security.

The SSG 500 models out this week won't have it, but in the summer Juniper expects to add Kaspersky antivirus and Symantec anti-spam technology, plus Websense and SurfControl content filtering.